added login filter to filter different peers with the same pub key

2026-05-04 08:06:37 +00:00 · 2025-06-12 15:55:50 +01:00
parent bdf2994e97
commit 5b09804a17
7 changed files with 207 additions and 3 deletions
--- a/management/server/peer_test.go
+++ b/management/server/peer_test.go
@@ -10,6 +10,7 @@ import (
 	"net/netip"
 	"os"
 	"runtime"
+	"strconv"
 	"strings"
 	"testing"
 	"time"
@@ -1579,7 +1580,6 @@ func Test_LoginPeer(t *testing.T) {
 	testCases := []struct {
 		name                         string
 		setupKey                     string
-		wireGuardPubKey              string
 		expectExtraDNSLabelsMismatch bool
 		extraDNSLabels               []string
 		expectLoginError             bool
@@ -1679,6 +1679,88 @@ func Test_LoginPeer(t *testing.T) {
 	}
 }

+func Test_LoginPeerMultipleAccess(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skip("The SQLite store is not properly supported by Windows yet")
+	}
+
+	s, cleanup, err := store.NewTestStoreFromSQL(context.Background(), "testdata/extended-store.sql", t.TempDir())
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer cleanup()
+
+	eventStore := &activity.InMemoryEventStore{}
+
+	metrics, err := telemetry.NewDefaultAppMetrics(context.Background())
+	assert.NoError(t, err)
+
+	ctrl := gomock.NewController(t)
+	t.Cleanup(ctrl.Finish)
+	settingsMockManager := settings.NewMockManager(ctrl)
+	permissionsManager := permissions.NewManager(s)
+
+	am, err := BuildManager(context.Background(), s, NewPeersUpdateManager(nil), nil, "", "netbird.cloud", eventStore, nil, false, MocIntegratedValidator{}, metrics, port_forwarding.NewControllerMock(), settingsMockManager, permissionsManager)
+	assert.NoError(t, err)
+
+	existingAccountID := "bf1c8084-ba50-4ce7-9439-34653001fc3b"
+	_, err = s.GetAccount(context.Background(), existingAccountID)
+	require.NoError(t, err, "Failed to get existing account, check testdata/extended-store.sql. Account ID: %s", existingAccountID)
+
+	setupKey := "A2C8E62B-38F5-4553-B31E-DD66C696CEBB"
+
+	peer := &nbpeer.Peer{
+		ID:        xid.New().String(),
+		AccountID: existingAccountID,
+		UserID:    "",
+		IP:        net.IP{123, 123, 123, 123},
+		Meta: nbpeer.PeerSystemMeta{
+			Hostname: "Peer",
+			GoOS:     "linux",
+		},
+		Name:       "PeerName",
+		DNSLabel:   "peer.test",
+		Status:     &nbpeer.PeerStatus{Connected: false, LastSeen: time.Now()},
+		SSHEnabled: false,
+	}
+	_, _, _, err = am.AddPeer(context.Background(), setupKey, "", peer)
+	require.NoError(t, err, "Expected no error when adding peer with setup key: %s", setupKey)
+
+	testCases := []struct {
+		name string
+		n    int
+	}{
+		{
+			name: "10 logins",
+			n:    10,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			actual := 1 // First login is always successful
+			for i := range tc.n {
+				loginInput := types.PeerLogin{
+					WireGuardPubKey: peer.ID,
+					SSHKey:          "test-ssh-key",
+					Meta: nbpeer.PeerSystemMeta{
+						Hostname: "peer" + strconv.Itoa(i),
+					},
+					UserID:       "",
+					SetupKey:     setupKey,
+					ConnectionIP: net.ParseIP("192.0.2.100"),
+				}
+				_, _, _, loginErr := am.LoginPeer(context.Background(), loginInput)
+				if loginErr != nil {
+					actual++
+				}
+				time.Sleep(time.Millisecond * 100)
+			}
+			require.Equal(t, tc.n-1, actual, "Expected %d insuccessful logins, got %d", tc.n, actual)
+		})
+	}
+}
+
 func TestPeerAccountPeersUpdate(t *testing.T) {
 	manager, account, peer1, peer2, peer3 := setupNetworkMapTest(t)